ACO DisableDNSLookup behavior clarification and details in Web Agent
search cancel

ACO DisableDNSLookup behavior clarification and details in Web Agent


Article ID: 11079


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder)



Questions about the behavior of the ACO parameter DisableDNSLookup:

  1. With DisableDNSLookup set to NO, does the Web Agent do a Reverse DNS Lookup when it receives a request with an IP Address instead of a Fully Qualified Domain Name in the URL?
  2. When DisableDNSLookup is set to NO, how does the Web Agent do the reverse DNS Lookup?
  3. Does DisableDNSLookup disable forward DNS Lookup too, as requesting the IP Address from the FQDN?



  1. Yes, it does.

    And this is to prevent the behavior that the DisableDNSLookup=YES will disable these reverse DNS requests.

    Web Agent logs and network traces show this:


    [05/30/2014][05:35:51][22507][1143875904][CSmHttpPlugin.cpp:345][CSmHttpPlugin::ProcessResource][<Transaction ID>][][][][][][Resolved HTTP_HOST: ''.] 

    [05/30/2014][05:35:51][22507][1143875904][CSmHttpPlugin.cpp:3772][Entered CSmHttpPlugin:: ResolveFQServerName sHost: ][][][][][][][]

    [05/30/2014][05:35:51][22507][1143875904][CSmHttpPlugin.cpp:426][CSmHttpPlugin::ProcessResource][<Transaction ID>][][][][][][Resolved hostname: ''.] 

    372 8.522751
    DNS Standard query PTR
    688 15.368671
    DNS Standard query response PTR


    [05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:345][CSmHttpPlugin::ProcessResource][<Transaction ID>][][][][][][Resolved HTTP_HOST: ''.]

    [05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:3772][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][][][][][][][]

    [05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:3848][CSmHttpPlugin::ResolveFQServerName: isIP][][][][][][][] 

    [05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:3967][CSmHttpPlugin::ResolveFQServerName, DNSLookups disabled, checking to see if cookiedomain added!][][][][][][][]

    [05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:426][CSmHttpPlugin::ProcessResource][<Transaction ID>][][][][][][Resolved hostname: ''.] 

    and no request in the network traces.

  2. Name and Addresses resolutions are done using the POSIX API:

    getaddrinfo() : to resolve IP Address from a FQDN
    getnameinfo() : to resolve FQDN from an IP Address

  3. Yes, it disables forward DNS lookup (Hostname to IP address) too.